Developers: | Kaspersky |
Date of the premiere of the system: | December 2015 |
Last Release Date: | 2024/09/30 |
Branches: | Information Technology |
Technology: | Information Security - Antiviruses |
Main article: Antiviruses
2024
Ability to audit security settings
Kaspersky Lab has expanded the capabilities of Kaspersky Industrial CyberSecurity (KICS), its XDR platform for protecting industrial enterprises. The company announced this on September 30, 2024. The updated version strengthens the security audit function through improved configuration control and support for new types of assets. It is also now possible to run active polls on a schedule to automatically generate a network connection map. Other important changes include integration with Kaspersky SD-WAN, which will increase the number of monitoring points.
The updated KICS platform allows you to audit security settings and track changes, using agent-based and agentless polling of Windows and Linux hosts, network devices and PLCs to collect configurations. A ready-made set of rules is provided out of the box for all supported asset types, and information about them can be collected manually or on a schedule. The accumulated configuration archive can be used to monitor and analyze changes.
The solution can also identify new types of assets: installed software, fixes, lists of local users and discovered executable files. The KICS for Nodes component installed on a host (Windows or Linux) transmits information about them to KICS for Networks with periodic updates. This allows you to automatically capture changes in the network and receive alerts in case of deviations. Combining the lists of software and users greatly simplifies incident analysis: it helps information security specialists identify hosts with suspicious executables, as well as track certain user actions within registered events.
Active scheduled device polls and network topology. KICS creates a topological map of the network: it contains up-to-date information about connections between assets, as well as about changes in the security status of devices (computers or switches) on which agents are not installed. If passive monitoring does not collect sufficient data, active polling can be performed. After the update, active polls can also be run on a schedule: this automates the construction of the topology map and provides up-to-date data on connections, asset attributes and security settings. Each run produces a detailed report with the poll results and a list of possible problems.
More opportunities for finding anomalies in networks and systems of power facilities. The solution introduced the IEC 61850 advanced configuration control feature based on the SCD reference file. SCD files (substation configuration description) are created at the stage of substation design and describe its complete configuration - IED, computers, network communication settings, necessary values for process control. KICS for Networks supports importing SCD files for configuration analysis, asset attribute extraction, and IEC 61850 settings. It also provides a report on detected errors and incorrect configurations. Monitoring of the substation network based on the available samples allows timely detection of unauthorized network connections, abnormal activity, failures or errors in IEC 61850 connections indicating incorrect operation of the equipment or incorrect configuration.
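The idea of using an SCD file as a monitoring reference can be illustrated with a short added example (not Kaspersky's code and not a description of how KICS works internally). It parses a constructed SCD fragment, extracts the declared assets and the MMS report clients, and flags observed flows that the reference does not explain. The sample file, the flow list and the rule that only `ClientLN` entries define expected MMS associations are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET  # for untrusted files prefer the defusedxml package

NS = {"scl": "http://www.iec.ch/61850/2003/SCL"}
MMS_PORT = 102  # TCP port used by IEC 61850 MMS (ISO-TSAP)

# Constructed SCD fragment for illustration, not taken from a real substation.
SAMPLE_SCD = """<SCL xmlns="http://www.iec.ch/61850/2003/SCL">
  <Communication>
    <SubNetwork name="StationBus" type="8-MMS">
      <ConnectedAP iedName="HMI1" apName="AP1">
        <Address><P type="IP">10.10.1.10</P></Address>
      </ConnectedAP>
      <ConnectedAP iedName="PROT_F1" apName="AP1">
        <Address><P type="IP">10.10.1.21</P></Address>
      </ConnectedAP>
      <ConnectedAP iedName="PROT_F2" apName="AP1">
        <Address><P type="IP">10.10.1.22</P></Address>
      </ConnectedAP>
    </SubNetwork>
  </Communication>
  <IED name="HMI1"/>
  <IED name="PROT_F1">
    <AccessPoint name="AP1"><Server><LDevice inst="LD0">
      <LN0 lnClass="LLN0" inst="" lnType="LLN0_T">
        <ReportControl name="rcb1" confRev="1">
          <RptEnabled max="1">
            <ClientLN iedName="HMI1" ldInst="LD0" lnClass="IHMI" lnInst="1"/>
          </RptEnabled>
        </ReportControl>
      </LN0>
    </LDevice></Server></AccessPoint>
  </IED>
  <IED name="PROT_F2"/>
</SCL>"""


def load_baseline(scd_text):
    """Return ({ip: ied_name}, {(client_ip, server_ip)}) declared in the SCD."""
    root = ET.fromstring(scd_text)
    assets = {}
    for ap in root.iterfind(".//scl:ConnectedAP", NS):
        ip = ap.find("scl:Address/scl:P[@type='IP']", NS)
        if ip is not None and ip.text:
            assets[ip.text.strip()] = ap.get("iedName")
    # Simplification: one IP per IED (a real IED may have several access points).
    name_to_ip = {name: ip for ip, name in assets.items()}
    allowed = set()
    for ied in root.iterfind("scl:IED", NS):
        server_ip = name_to_ip.get(ied.get("name"))
        for client in ied.iterfind(".//scl:ClientLN", NS):
            client_ip = name_to_ip.get(client.get("iedName"))
            if server_ip and client_ip:
                allowed.add((client_ip, server_ip))
    return assets, allowed


def check_flows(flows, assets, allowed):
    """Compare observed (src_ip, dst_ip, dst_port) flows with the SCD baseline."""
    findings = []
    for src, dst, port in flows:
        if src not in assets or dst not in assets:
            findings.append(("unknown_asset", src, dst, port))
        elif port == MMS_PORT and (src, dst) not in allowed:
            findings.append(("unexpected_mms_association", src, dst, port))
    return findings


# Constructed observations: one expected flow, one undeclared client, one unknown host.
OBSERVED = [
    ("10.10.1.10", "10.10.1.21", 102),
    ("10.10.1.10", "10.10.1.22", 102),
    ("10.10.1.99", "10.10.1.21", 102),
]

if __name__ == "__main__":
    assets, allowed = load_baseline(SAMPLE_SCD)
    for finding in check_flows(OBSERVED, assets, allowed):
        print(finding)
```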
Integration with Kaspersky SD-WAN and Cisco. Integration with Kaspersky SD-WAN will allow enterprises with a geographically distributed infrastructure to increase the number of monitoring points from 50 to 100. If KICS for Networks sensors cannot be placed at a site because of the size of the equipment or connection restrictions, remote monitoring can be organized by transferring traffic directly to the KICS for Networks node located in the central office. SD-WAN technology makes it possible to quickly and safely deploy new software-defined networks between company branches in order to transfer a copy of industrial traffic from the source switch to the monitoring node. The solution also supports switches based on Cisco IOS for even greater flexibility in building networks.
The KICS Portable Scanner solution will now be delivered on secure Rutoken media, which will increase its overall security and strengthen the protection of customers' confidential data. It is designed to protect physically isolated systems: they are found in industries that require isolation for safety reasons, as well as in organizations with geographically inaccessible sites. KICS Portable Scanner supports scanning devices running old operating systems (Windows 2000), has a function for auditing vulnerabilities and non-compliance, and can inventory assets and collect traffic samples from isolated APCS segments or sporadically connected laptops.
"We are committed to helping our customers strengthen the protection of IT and OT assets. The functionality of the updated KICS platform will strengthen the security of critical infrastructure, increase the overall visibility of what is happening within the industrial network and improve asset control. The solution also provides flexible opportunities to deploy geographically distributed networks and securely transfer data between them," said Andrey Strelkov, Head of Industrial Security Product Development at Kaspersky Lab.
Compatibility with Digital Solutions
Kaspersky Lab and Digital Solutions presented a joint solution to protect industrial organizations. Kaspersky Lab announced this on August 19, 2024.
The stable development of industrial enterprises and critical infrastructure facilities depends on the reliability of production and business processes, as well as on the protection of important assets. Every year the number and complexity of cyber attacks on enterprises in various industries is growing. According to Kaspersky ICS CERT, in 2023 malicious objects were detected and blocked on 34.3% of APCS computers in Russia.
Within the framework of the technological partnership, Kaspersky Lab and Digital Solutions tested the Phoenix-DIOD aggregating unidirectional gateway, the DS Integrity NG network packet broker and DS Copper-TAP network traffic couplers for compatibility with the Kaspersky Industrial CyberSecurity for Networks (KICS for Networks) industrial network traffic monitoring system. Used together, these solutions will help to comprehensively protect the APCS infrastructure of enterprises.
Functional tests were performed during testing. The testing procedure for checking the compatibility of solutions included several stages corresponding to the basic usage patterns.
The main scenario involves several stages of traffic collection and processing. Phoenix-DIOD is installed on the boundary of the closed network segment. The device aggregates traffic and filters it according to the specified rules, optimizing the data for analysis. When several branches of the APCS network are combined, traffic from the Phoenix-DIOD gateways installed in each of them is sent to the DS Integrity NG network packet broker. The traffic collected, optimized and prepared by DS Integrity NG is sent for further processing to the KICS for Networks industrial network traffic monitoring system.
The comprehensive solution was tested by the engineers of the Kaspersky Lab technology center and Digital Solutions and is ready for use in industrial enterprises, government agencies and enterprises of the corporate sector. The results of the tests showed that this integration helps to comprehensively protect the infrastructure of APCS enterprises.
"Completion of comprehensive testing with Kaspersky Lab solutions opens up new opportunities for both customers and us. The Phoenix-DIOD aggregating unidirectional gateway provides a physical layer of protection for the perimeter of CII objects, while KICS for Networks allows you to detect and investigate information security threats and process anomalies within the perimeter of an industrial network. Industrial enterprises are able to build comprehensive infrastructure protection against targeted attacks and complex threats, maintaining a high degree of security and reliability when connecting information security monitoring tools," said Sergey Plotko, director of analytics and integration at Digital Solutions.
"We are pleased to continue our partnership with Digital Solutions - in June 2024 we announced the integration of Kaspersky Anti Targeted Attack and DS Integrity NG network package broker. We have successfully tested the DS Integrity NG product suite, Phoenix-DIOD gateway and DS Copper-TAP network traffic couplers with Kaspersky Industrial CyberSecurity for Networks. When used together, the tested complex allows solving the problems of identifying risks, anomalies and threats to the information security of industrial enterprises without changing the perimeter of the security object, ensuring reliability, security and flexibility in building and operating monitoring tools," said Marina Usova, director of corporate sales at Kaspersky Lab in Russia.
Compatibility with InfoDiode Smart
AMT GROUP and Kaspersky Lab completed testing that confirmed the compatibility of the unidirectional InfoDiode SMART APC gateway and the Kaspersky Industrial CyberSecurity platform. AMT GROUP announced this on July 30, 2024.
2023: Ability to automate security compliance process
Kaspersky Lab has expanded the functionality of the industrial platform Kaspersky Industrial CyberSecurity. The solution now automates the security compliance process. Other important changes include closer integration between key elements of the XDR platform - KICS for Nodes and KICS for Networks. This will speed up the response to incidents. In addition, the platform now provides advanced XDR and Network Traffic Analysis (NTA) capabilities. The interface has also been updated - it has become even more convenient to manage the platform. The company announced this on November 23, 2023.
Deeper component integration and enhanced XDR capabilities. In the updated version of the platform, the KICS for Nodes endpoint protection solution can be used as a host agent that collects an extended set of data for in-depth incident analysis and response. Thanks to this, operators will receive more accurate notifications about events in the network, containing data on the host and the processes running on it, the activity of registered users and network communications. Security operations center (SOC) analysts and supervisory control and data acquisition (SCADA) engineers will have detailed information about suspicious activity, with a detailed analysis of the point of penetration into the infrastructure and indicators of compromise. The additional context will make it possible to decide quickly and accurately on the necessary response measures, and to respond directly, preventing the attack from spreading further.
Thanks to the capabilities of XDR, customers can now manage the KICS installation base from a single console, and scale APCS security operations across many large geographically distributed sites.
Automated security audits to identify hidden threats. Kaspersky Industrial CyberSecurity now allows you to conduct an automated centralized security audit of network nodes and devices running Windows and Linux. Thanks to this feature, users will be able to automatically check a host or group of hosts for vulnerabilities and incorrect software settings, as well as for compliance with local or international legislation and corporate policies, in particular the requirements of the Federal Service for Technical and Export Control (FSTEC) of Russia. To evaluate hosts, KICS uses the Open Vulnerability and Assessment Language (OVAL) and the Extensible Configuration Checklist Description Format (XCCDF).
Using the built-in database of APCS vulnerabilities from Kaspersky ICS CERT, the KICS platform allows you to implement automated vulnerability scanning of the automation systems in use. Because the data is constantly updated, users will regularly receive up-to-date information about potential or existing risks according to the selected parameters. All reports are stored in the KICS for Networks asset base.
Network traffic analysis for better incident response. The updated version of KICS for Networks uses a more advanced network traffic analysis (NTA) system, which provides the ability to analyze traffic both on the perimeter and throughout the infrastructure. To identify attacks, methods such as behavioral analysis, detection rules, indicators of compromise and protocol verification are used. Industrial NTA allows you to better detect threats such as brute force attacks, spoofing and temporary anomalies using a static analyzer. KICS for Networks displays complete network session information, including destinations, protocols used, and traffic data. It also stores a traffic archive and allows you to use advanced settings to save data. KICS for Networks downloads PCAP files to investigate incidents, providing traffic data filtered by criteria such as nodes or protocols, and by time range or session.
The industrial node protection solution KICS for Nodes has received support for new PLC (programmable logic controller) models to monitor the integrity of programs: devices based on CODESYS V3, OWEN PLC210, Fastwel CPM723-01, Prosoft Systems Regul R500, Siemens SIMATIC S7-1500, Siemens SIMATIC S7-1200, Siemens SIPROTEC 4 series.
"Kaspersky Industrial Cybersecurity is an important element, the basis of the ecosystem for industrial cyber security Kaspersky OT Cybersecurity. Updating the specialized XDR platform will allow industrial companies to build effective protection of the industrial segment based on many years of international expertise and tested technologies. Thanks to cross-product scenarios and the strengthening of each platform component, we make the XDR concept a reliable tool for ASU TP protection. Integration with other Kaspersky Lab solutions, such as Kaspersky Unified Monitoring and Analysis Platform, to enhance monitoring and response capabilities in industrial infrastructure or to combine the IT and OT segments of the enterprise, including in conjunction with the corporate platform Kaspersky Symphony XDR, provides our customers with broader and more flexible functions of cybersecurity systems management," said Andrey Strelkov, Head of Industrial Security Products Development at Kaspersky Lab.
2022: Kaspersky Industrial CyberSecurity (KICS) as part of PAC based on DEPO Storm
Axoft, Kaspersky Lab and DEPO Computers presented Russian hardware and software complexes based on the DEPO Storm server platforms and Kaspersky Lab software products. The complexes were tested by engineers of the DEPO Computers technology center and are ready for use in government agencies and enterprises of the corporate sector.
2020: KICS for Networks compatibility with InfoDiode rack module/Mini
On December 28, 2020, AMT GROUP and Kaspersky Lab announced the completion of comprehensive testing of the joint use of the InfoDiode hardware models (AK InfoDiode rack module, AK InfoDiode Mini) with Kaspersky Industrial CyberSecurity for Networks (KICS for Networks) in the data transmission networks of industrial enterprises. Working in conjunction, the products complement each other's functionality.
As explained, as industrial enterprises become more "digital", actively investing in intelligent technologies and automation systems and implementing the concept of the fourth industrial revolution, they have to reconsider their approaches to protecting the industrial segment. A complete "air gap" between the technology network and the corporate IT infrastructure becomes an obstacle to the modernization of production, but abandoning it entirely poses significant risks to the critical infrastructure of the enterprise. In addition, the features of equipment and protocols in technology networks require specialized cybersecurity solutions that differ from traditional "office" security tools.
InfoDiode and KICS for Networks are designed specifically for industrial enterprises and critical infrastructure facilities. The combined use of these products makes it possible to simultaneously monitor the "permeability" of the air gap and detect abnormal activity and unauthorized actions in the technological network at the level of programmable logic controllers (PLC). Thus, the company is provided with comprehensive layered protection of the technological process and industrial equipment both against human errors and against targeted intruders.
The InfoDiode hardware complex is a unidirectional data transfer system that provides the necessary level of isolation of critical information systems, while maintaining the required level of their functionality for interaction with adjacent information systems.
KICS for Networks is a specialized tool for passive monitoring of an industrial network, part of the Kaspersky Industrial CyberSecurity family and aimed at protecting automated control systems and actuators at the network level. Additional protection at the level of logic and technological process dynamics can be implemented by retrofitting the solution with the Kaspersky MLAD system based on artificial intelligence methods.
"Every year the number of cyber threats increases and security issues become more and more relevant," says Vladimir Leonov, Technical Director of AMT GROUP.
"In the era of digitalization of industry, cybersecurity is becoming a basic business need. Confirming the compatibility of our products shows that the products can be used within the same system, and their functionality meets industry IT security requirements."
For more than 10 years, AMT GROUP has been implementing projects to create protection systems for critical infrastructure and APCS of industrial enterprises. In 2016, AMT GROUP received the status of a platinum partner of Kaspersky Lab, and in 2020 the status of an authorized integrator for the Kaspersky MLAD (Kaspersky Machine Learning for Anomaly Detection) product.
2018: Certification of FSTEC of Russia
Kaspersky Industrial CyberSecurity for Nodes (KICS) has been certified by the FSTEC of Russia. This confirms Kaspersky Lab's compliance with the requests and internal standards of the largest Russian companies, which impose increased requirements on the means of protection used at critical infrastructure facilities. Certification tests were carried out by the laboratory of JSC Sinclit.
According to the latest data from Kaspersky Lab ICS-CERT, in the second half of 2017 alone, Kaspersky Lab solutions prevented attempts to infect 37.8% of the computers they protect in automated control systems of industrial enterprises. In Russia, 46.8% of ACS computers were attacked, and in total, more than 17.9 thousand different modifications of malware were found in such networks.
Kaspersky Industrial CyberSecurity for Nodes is part of Kaspersky Lab's set of technologies and services for protecting all levels of production systems: from servers and engineering PCs to network equipment and PLCs. A comprehensive approach allows you to detect and prevent both accidental infections with malicious software and targeted attacks, while maintaining the continuity of technological processes.
2017
Compatibility with CAS Krug-2000 and SCADA Krug-2000
On November 20, 2017, NPF Krug announced that Kaspersky Lab's solution for critical infrastructures and industrial environments Kaspersky Industrial CyberSecurity had been tested for compatibility with the KRUG-2000 software and hardware complex (CAS KRUG-2000) and SCADA KRUG-2000 v4.2.
During the tests, a number of components of Kaspersky Industrial CyberSecurity were checked, including functions for monitoring the launch of applications and the connection of devices, protecting against encryption, blocking access to network file resources from invalid nodes, as well as updating antivirus databases and scanning selected areas. According to the test results, the products can be used within a single information system, even taking into account the individual requirements of these solutions for the environment.
Compatibility with Schneider Electric solutions
Schneider Electric and Kaspersky Lab tested the compatibility of Schneider Electric automated control systems with Kaspersky Industrial CyberSecurity at the beginning of the year. Based on the test results, a compatibility protocol was signed, which noted that the products can be used within the same system, and their functionality meets industry IT security requirements.
Kaspersky Industrial CyberSecurity for Energy
On March 20, 2017, it became known that the Kaspersky Industrial CyberSecurity for Energy software version had been released on the Kaspersky Industrial CyberSecurity platform.
According to Kaspersky Lab, the Kaspersky Industrial CyberSecurity for Energy version is intended for enterprises in the electric power industry. The product contains a set of protective functions to maintain the safety of the technological network and the integrity and continuity of technological processes.[1]
The product supports the communication standards and protocols adopted in the electric power industry (IEC 60870-5-104, IEC 61850). The version includes a set of specialized services: from industrial safety trainings to support in the investigation of cyber incidents.
2016: SAP incorporates the system into its solutions
On April 13, 2016, it became known that Kaspersky Lab products would be built into SAP solutions. The companies' joint efforts will protect industrial enterprises.
As Vedomosti writes, citing a SAP statement, the German maker of corporate software will include the Kaspersky Industrial CyberSecurity industrial facility protection system in its enterprise management products.
At the first stage, it is planned to integrate antivirus vendor products with the system of monitoring and ensuring economic security of enterprises developed by SAP. It is expected that such a solution will be useful to all industrial enterprises that collect data from their infrastructure using sensors and control it using IT systems.
As Andrei Dukhvalov, head of the advanced technologies department at Kaspersky Lab, clarified, the company, within the framework of cooperation with SAP, will protect infrastructure and a variety of devices at industrial enterprises (sensors, device interaction controllers, communication equipment, communication channels, etc.). Kaspersky Lab's solution will collect data from this equipment at work and transfer it to the SAP system.
According to Dukhvalov, the partnership of IT companies does not imply the release of a joint "boxed" product - cooperation is planned on projects of specific customers, for each of which a certain functionality of the Kaspersky Industrial CyberSecurity platform will be selected.
Andrey Dukhvalov believes that the main demand for a joint solution between Kaspersky Lab and SAP will come from customers in the energy and oil and gas sectors. First, the partners plan to work with customers from the CIS, and then reach the world level.[2]
2015: Announcement of Kaspersky Industrial CyberSecurity
On December 21, 2015, Kaspersky Lab announced Kaspersky Industrial CyberSecurity (KICS) software for protecting industrial systems. The new platform launched the company's strategy to expand its corporate product portfolio.[3]
KICS contains a number of technologies that analyze traffic, track all executable programs and plug-in devices, control the industrial process, and monitor the operation of programmable logic controllers.
In addition, the software package includes intrusion prevention systems (monitors activity on a computer network and limits connections to its nodes) and vulnerability monitoring (scans the infrastructure for open holes in the software, thus preventing exploits from penetrating the industrial network).
KICS allows you to deeply analyze data circulating in automated process control systems, as well as transmit information about suspicious events and emergency situations to data collection and analysis systems.
As Andrey Suvorov, director of security business development for critical infrastructure at Kaspersky Lab, told Kommersant newspaper on December 21, 2015, KICS has already been implemented at the pilot level in Russia, Europe and the Middle East, including at the Taneko oil refinery (part of Tatneft).
Kaspersky Lab calls KICS the beginning of a new strategy aimed at expanding its offerings for the corporate sector.
"We focus on the serious business areas of our customers, such as process continuity, reducing the risks of production equipment failure as a result of cyber incidents, which require full implementation and support, and not just selling any software out of the box," said Andrei Suvorov.[4]